diff options
author | Julian Krause <julian.krause@gmail.com> | 2013-12-05 11:06:27 -0800 |
---|---|---|
committer | Julian Krause <julian.krause@gmail.com> | 2013-12-05 11:06:27 -0800 |
commit | d6f14daf49036a434bc0a6b190457694f8703be1 (patch) | |
tree | b633d809e552a590d9d663d6445f7b1c894e3fdd /docs | |
parent | 9c3088fe12d844a2007e0eff0eb947af53de7f60 (diff) | |
download | cryptography-d6f14daf49036a434bc0a6b190457694f8703be1.tar.gz cryptography-d6f14daf49036a434bc0a6b190457694f8703be1.tar.bz2 cryptography-d6f14daf49036a434bc0a6b190457694f8703be1.zip |
Improve documentation.
Diffstat (limited to 'docs')
-rw-r--r-- | docs/conf.py | 1 | ||||
-rw-r--r-- | docs/hazmat/primitives/constant-time.rst | 18 |
2 files changed, 15 insertions, 4 deletions
diff --git a/docs/conf.py b/docs/conf.py index 77050e72..c6479ef3 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -257,6 +257,7 @@ texinfo_documents = [ # How to display URL addresses: 'footnote', 'no', or 'inline'. #texinfo_show_urls = 'footnote' +linkcheck_ignore = [r'http://rdist.root.org/'] # Example configuration for intersphinx: refer to the Python standard library. intersphinx_mapping = {'http://docs.python.org/': None} diff --git a/docs/hazmat/primitives/constant-time.rst b/docs/hazmat/primitives/constant-time.rst index 2e8e26d7..4e00e9b9 100644 --- a/docs/hazmat/primitives/constant-time.rst +++ b/docs/hazmat/primitives/constant-time.rst @@ -6,11 +6,17 @@ Constant time functions .. currentmodule:: cryptography.hazmat.primitives.constant_time In order for cryptographic operations to not leak information through timing -side channels, constant time operations need to be made available. +side channels, constant time operations need to be used. + +One should use these functions whenever you are comparing a secret to +something received. This includes things like HMAC signatures as described by +a `timing attack on KeyCzar`_. + .. function:: bytes_eq(a, b) - Compare ``a`` and ``b`` to one another in constant time. + Compare ``a`` and ``b`` to one another in constant time if they are of the + same length. .. doctest:: @@ -20,5 +26,9 @@ side channels, constant time operations need to be made available. >>> constant_time.bytes_eq(b"foo", b"bar") False - :param a: ``bytes``. - :param b: ``bytes``. + :param a bytes: The left-hand side. + :param b bytes: The right-hand side. + :returns boolean: True if ``a`` has the same bytes as ``b``. + + +.. _`timing attack on KeyCzar`: http://rdist.root.org/2009/05/28/timing-attack-in-google-keyczar-library/ |